Collection of Penetration Testing Tools and Resources [Living Document]

Collection of Penetration Testing Tools and Resources [Living Document]

ยท

2 min read

This article serves as a living document, which I will continually update with the penetration testing tools and resources that I regularly use.

๐Ÿ›‘
Under no circumstances should you utilize any tool against a target without obtaining prior written consent. I am not responsible for your actions.

๐ŸŒ Network Scanners

nmap: https://nmap.org/download

rustscan: https://github.com/RustScan/RustScan

autorecon: https://github.com/Tib3rius/AutoRecon

๐Ÿ–ฅ Enumerate Samba

enum4linux: https://github.com/CiscoCXSecurity/enum4linux

smbclient: https://www.samba.org/samba/docs/current/man-html/smbclient.1.html

smbmap: https://github.com/ShawnDEvans/smbmap

rpcclient: https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html

๐Ÿ—„ Enumerate DNS Records

dnsrecon: https://github.com/darkoperator/dnsrecon

dnsenum: https://github.com/fwaeytens/dnsenum

fierce: https://github.com/mschwager/fierce

dns dumpster: https://dnsdumpster.com/

๐Ÿ”Ž Web Fuzzers

dirb: https://github.com/v0re/dirb

dirbuster: https://github.com/KajanM/DirBuster

ffuf: https://github.com/ffuf/ffuf

gobuster: https://github.com/OJ/gobuster

๐Ÿ“ WordPress Vulnerability Scanner

wpscan: https://github.com/wpscanteam/wpscan

๐Ÿ’‰ SQL Vulnerability Scanner

sqlmap: https://github.com/sqlmapproject/sqlmap

๐Ÿ”‘ Cracking

john-the-ripper: https://github.com/openwall/john

hashcat: https://github.com/hashcat/hashcat

aircrack-ng: https://www.aircrack-ng.org/

cyberchef: https://gchq.github.io/CyberChef/

crackstation: https://crackstation.net/

anycript: https://anycript.com/

hashid: https://hashes.com/en/tools/hash_identifier

hashcat hashes: https://hashcat.net/wiki/doku.php?id=example_hashes

๐Ÿฆพ Brute Force

hydra: https://github.com/vanhauser-thc/thc-hydra

๐Ÿงฑ Pivoting

sshuttle: https://github.com/sshuttle/sshuttle

chisel: https://github.com/jpillora/chisel

socat: http://www.dest-unreach.org/socat/

๐Ÿ›ก Vulnerability Scanners

nikto: https://github.com/sullo/nikto

nessus: https://www.tenable.com/products/nessus

๐Ÿดโ€โ˜ ๏ธ Penetration Testing Framework

metasploit: https://www.metasploit.com/

๐Ÿš Shells

pentestmonkey:https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php

payloadsallthethings:https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md

๐Ÿ“ˆ Privilege Escalation

deepce: https://github.com/stealthcopter/deepce

gtfobins: https://gtfobins.github.io/

winpeas: https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS

linpeas: https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS

windows exploit suggester: https://github.com/bitsadmin/wesng

linenum: https://github.com/rebootuser/LinEnum

pspy64: https://github.com/DominicBreuker/pspy

priv2admin: https://github.com/gtworek/Priv2Admin

linux privesc: https://exploit-notes.hdks.org/exploit/linux/privilege-escalation/

๐Ÿ•ธ Web Application Proxy

burpsuite: https://portswigger.net/burp/communitydownload

caido: https://caido.io/

owasp zap: https://www.zaproxy.org/

๐Ÿ’Š Packet Analyzer

wireshark: https://www.wireshark.org/

๐ŸชŸ Active Directory

bloodhound: https://github.com/BloodHoundAD/BloodHound

sharphound: https://github.com/BloodHoundAD/SharpHound

adpeas: https://github.com/61106960/adPEAS

powersploit: https://github.com/PowerShellMafia/PowerSploit

psmapexec: https://github.com/The-Viper-One/PsMapExec

crackmapexec: https://github.com/mpgn/CrackMapExec

kerbrute: https://github.com/ropnop/kerbrute

rubeus: https://github.com/GhostPack/Rubeus

impacket: https://github.com/fortra/impacket

mimikatz: https://github.com/ParrotSec/mimikatz

evil-winrm: https://github.com/Hackplayers/evil-winrm

๐Ÿ“ก C2 Frameworks

powershell empire/starkiller: https://github.com/BC-SECURITY/Starkiller

armitage: https://github.com/r00t0v3rr1d3/armitage

covenant: https://github.com/cobbr/Covenant

๐Ÿ•ต๏ธโ€โ™‚๏ธ OSINT

social-engineering toolkit: https://github.com/trustedsec/social-engineer-toolkit

whatweb: https://github.com/urbanadventurer/WhatWeb

osint framework: https://osintframework.com/

netcraft: https://sitereport.netcraft.com/

osint.sh: https://osint.sh/

melissa lookups: https://lookups.melissa.com/home/

whatsmyname: https://whatsmyname.app

credential hunting: https://dehashed.com/

haveibeenpwned: https://haveibeenpwned.com/

๐Ÿงฉ Browser Extensions

builtwith:https://addons.mozilla.org/en-US/firefox/addon/builtwith/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

cookie-editor:https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

dotgit:https://addons.mozilla.org/en-US/firefox/addon/dotgit/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

foxyproxy:https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

hack-tools:https://addons.mozilla.org/en-US/firefox/addon/hacktools/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

wappalyzer:https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/

Current as of 24 August 2023

Did you find this article valuable?

Support Jake Garrison by becoming a sponsor. Any amount is appreciated!

ย